我有一个与表单身份验证安全客户端一起使用的mvc应用程序,所有管理用户都是在服务器端使用wcf协议制作的. 并且在服务器站点中,我将用户tocken保存在sessoin中
I'm have a mvc app that use with form authentication security client and all the manage user's is made in server side with wcf protocol. and in the server site I'm saving the user tocken in the sessoin
string token = Srv.ValidateUser(out isNewUser, model.UserName, model.Password, model.IdentityNumber); if (!string.IsNullOrEmpty(token)) { Session["Token"] = token; }使用此令牌可以在服务中标识 和用户名,形式为认证
with this token I Identifies in the services and the user name in the form authentication
FormsAuthentication.SetAuthCookie(model.UserName, false);现在我不知道如何在首次登录后或密码过期后强制用户更改密码. 我的配置是:
and now I dont know how to force user change password after first login or after password expired. My config is:
<system.web> <sessionState mode="InProc" cookieless="true" timeout="20" /> <authentication mode="Forms"> <forms path="/" loginUrl="~/Account/Login" /> </authentication> <authorization> <allow users="*" /> <deny users="?" /> </authorization> <identity impersonate="true" /> <compilation debug="true" targetFramework="4.5.1" /> <httpRuntime targetFramework="4.5" /> </system.web> <system.webServer> <modules> <remove name="FormsAuthenticationModule" /> </modules> <validation validateIntegratedModeConfiguration="false" /> </system.webServer>有人可以帮助我吗?
推荐答案在您的登录后操作中,您可以像这样检查LastPasswordChangedDate:
In your Login post action, you can check LastPasswordChangedDate like so:
var currentUser = Membership.GetUser(model.Email); if (currentUser != null) { if (currentUser.LastPasswordChangedDate == currentUser.CreationDate) { // User has not changed password since created. return RedirectPermanent("Login/?userName=" + model.Email); } }更多推荐
使用Forms身份验证首次登录asp.net mvc后强制用户更改密码
发布评论